Lucene search
+L

79 matches found

OSV
OSV
added 2018/07/12 6:29 p.m.4 views

UBUNTU-CVE-2018-13796

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...

6.5CVSS6.7AI score0.02541EPSS
Exploits0References5
Cvelist
Cvelist
added 2018/07/12 6:0 p.m.16 views

CVE-2018-13796

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...

6.1AI score0.02541EPSS
Exploits0References5
Hacker One
Hacker One
added 2017/10/17 3:53 p.m.18 views

Inflection: Limited arbitrary text inclusion in user invite emails

When creating a GoodHire account, a fairly wide range of ASCII characters are permitted in certain fields like Company Name. This field is included in email templates that are automatically sent to new users when an account owner invites them to join a GoodHire account. Theoretically, spam conten...

6.8AI score
Exploits0
NVD
NVD
added 2016/12/15 6:59 a.m.20 views

CVE-2016-4048

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected...

4.3CVSS4.7AI score0.01159EPSS
Exploits1References2
Cvelist
Cvelist
added 2016/12/15 6:31 a.m.23 views

CVE-2016-4048

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected...

4.7AI score0.01159EPSS
Exploits1References2
Zero Day Initiative
Zero Day Initiative
added 2016/02/11 12:0 a.m.29 views

Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to exfiltrate arbitrary text files on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChangePassword RPC method. By providing a malformed query, an attacker ca...

5CVSS5.9AI score0.01272EPSS
Exploits0References1
CVE
CVE
added 2015/11/12 2:0 a.m.48 views

CVE-2015-7817

CVE-2015-7817 affects IBM System Networking Switch Center (SNSC) prior to 7.3.1.5 and Lenovo Switch Center prior to 8.1.2.0. A race condition in the administration-panel web service enables remote attackers to obtain privileged-account access, then feed FileReader.jsp input containing directory t...

7.1CVSS6.6AI score0.01413EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2014/10/27 1:55 a.m.40 views

CVE-2014-0136

The 1 get and 2 log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine CFME 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors...

5CVSS6.8AI score0.01567EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/10/27 1:0 a.m.24 views

CVE-2014-0136

The 1 get and 2 log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine CFME 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors...

6.8AI score0.01567EPSS
Exploits0References2
Cisco
Cisco
added 2014/05/20 2:44 p.m.51 views

Cisco Unified Web and E-Mail Interaction Manager Broken Authentication Vulnerability

A vulnerability in Cisco Unified Web and E-Mail Interaction Manager could allow an unauthenticated, remote attacker to capture, forge, or brute force a session identifier transmitted as a parameter in GET requests. The vulnerability is due to improper use of session identifiers in GET requests. A...

4.3CVSS6.6AI score0.00958EPSS
Exploits0References1
exploitpack
exploitpack
added 2014/05/19 12:0 a.m.21 views

HP Release Control - (Authenticated) XML External Entity (Metasploit)

HP Release Control - Authenticated XML External Entity Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This modu...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/05/19 12:0 a.m.38 views

HP Release Control 9.20.0000 Build 395 XXE

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This module take advantage of three separate vulnerabilities in order to re...

9CVSS6.6AI score0.06839EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2013/12/18 12:0 a.m.29 views

EMC Connectrix Manager Converged Network Edition inmservlets.war Information Disclosure Vulnerability

This vulnerability allows remote attackers to read arbitrary text files on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within one of the pages served as part of the immservlets...

7.8CVSS2.8AI score0.17004EPSS
Exploits9References1
NVD
NVD
added 2013/09/23 10:18 a.m.16 views

CVE-2013-5490

Cisco Prime Data Center Network Manager DCNM before 6.21 allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka Bug ID CSCud80148...

7.8CVSS6.7AI score0.01707EPSS
Exploits0References3
Prion
Prion
added 2013/09/23 10:18 a.m.21 views

Xxe

Cisco Prime Data Center Network Manager DCNM before 6.21 allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka Bug ID CSCud80148...

7.8CVSS7.2AI score0.01707EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/11/18 9:0 p.m.22 views

CVE-2012-4942

Multiple cross-site scripting XSS vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text field...

5.8AI score0.01001EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/06/13 3:0 p.m.28 views

CVE-2012-2606

The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack...

6.9AI score0.02073EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2011/07/16 12:0 a.m.23 views

MyST BlogSite URL Redirect / Information Leakage

=============================== MyST BlogSite | Multiple Vulnerabilities =============================== 1. VULNERABILITY DESCRIPTION -- Issue Title: Arbitrary URL Redirect Component: MyST BlogSite ClickDirector Ref: OWASP - Top 10 - 2010 - A10 Ref-Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2009/05/08 12:0 a.m.20 views

Claroline 1.8.11 Cross Site Scripting

Author: Gerendi Sandor Attila Original Advisory: http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html Date: May 05, 2009 Package: Claroline 1.8.11 Product Homepage: http://www.claroline.net/ Versions Affected: v.1.8.11 Other versions may also be affected Severity: Medium...

7.4AI score
Exploits0
Rows per page
Query Builder